218f95c1c927e4fc7f62685ff88b853d

Sharing

Copy URL Twitter E-mail

General

Target

218f95c1c927e4fc7f62685ff88b853d
Size

83KB
MD5

218f95c1c927e4fc7f62685ff88b853d
SHA1

3dffcbc52a34d7fa82f37a13c25d8b7d726318e6
SHA256

6fdc5be00cc931bd93692c24030e3822774d004c9ccc796c1f51d366f4ed202a
SHA512

372a37d26dad2836ce37752ab07e4058b17e2b95c375e52dd36ceef04da1846319ee0ebfe84c531a840b2b7dc27af48dc0d3b3f0a33b8d392f1f1dc042996567
SSDEEP

1536:BpqRzTXuwn7rZb2d8QgHBOQrDr+gKy6iTKM+wVnO4tliXNF8v2Y:BpWfXVdm8QgHBOumyBtnO4tOrY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
218f95c1c927e4fc7f62685ff88b853d

Files

218f95c1c927e4fc7f62685ff88b853d
.exe windows:5 windows x86 arch:x86

4f5eaa2d712b03fae95ed430f809e5c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdsapi

DsCrackNamesA
DsClientMakeSpnForTargetServerW
DsWriteAccountSpnA
DsListInfoForServerA
DsRemoveDsDomainA
DsRemoveDsServerW
DsFreeSchemaGuidMapW
DsReplicaSyncAllA
DsCrackNamesW
DsLogEntry
DsGetDomainControllerInfoW
DsReplicaModifyW
DsIsMangledDnA
DsServerRegisterSpnW
DsReplicaAddW
DsQuoteRdnValueW
DsReplicaFreeInfo

kernel32

CopyLZFile
ClearCommBreak
FreeUserPhysicalPages
GetSystemTimeAsFileTime
GetConsoleCommandHistoryLengthW
InvalidateConsoleDIBits
GetConsoleCommandHistoryW
GetTickCount
GetCurrentThreadId
HeapValidate
GetGeoInfoW
QueryPerformanceCounter
SetLocalTime
SetFileValidData
GetVolumePathNamesForVolumeNameA
VirtualAlloc
GetCurrentProcessId
BackupSeek
LoadLibraryA
CreateEventA
lstrcmpiW
GetStartupInfoA
SetThreadIdealProcessor

msvcp60

??_7?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@6B@
?_Init_cnt@Init@ios_base@std@@0HA
??_7?$moneypunct@G$00@std@@6B@
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?signaling_NaN@?$numeric_limits@E@std@@SAEXZ
?round_error@?$numeric_limits@O@std@@SAOXZ
?positive_sign@?$_Mpunct@G@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??_8?$basic_istream@GU?$char_traits@G@std@@@std@@7B@
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?_Sinh@?$_Ctr@M@std@@SAMMM@Z
?what@runtime_error@std@@UBEPBDXZ

oleaut32

VarDecFromUI2
VarEqv
VariantChangeTypeEx
LoadTypeLib
VarUI8FromUI4
SafeArrayGetVartype
SysReAllocString
VarDecFix
VarOr
SystemTimeToVariantTime
VarI2FromDec
VarUI1FromI2
VarI2FromI4
VarCyFix
QueryPathOfRegTypeLib
VarUI2FromI1
VarCyFromUI1

crtdll

strcspn
_ismbcdigit
_y1
strtol
_osversion_dll
_close
_mbctokata
free
_fpieee_flt
getchar
abs
_except_handler2
_fpclass
_fstat

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f5eaa2d712b03fae95ed430f809e5c5

Headers

DLL Characteristics

File Characteristics

Imports

ntdsapi

kernel32

msvcp60

oleaut32

crtdll

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 31KB - Virtual size: 79KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 272B

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 31KB - Virtual size: 79KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 272B